The London Stock Exchange website spread malware in yet another case of malvertising. When will ad networks clean up their act?

InfoWorld|Mar 1, 2011

Is it time to blame the messenger? That's the question following the revelation that the London Stock Exchange's website displayed malicious advertisements that may very well have infected visitors to the site.

However, like many instances involving so-called malvertisements, the story is not so simple: The London Stock Exchange was not hacked, but merely displayed content from a third-party advertising network. Online criminals managed to sneak into the servers of marketing service Unanimis and slip malicious code into queued advertisements. Those malicious ads were then displayed on the sites of its clients.

In total, 515 advertisements contained malicious code or links to malicious sites, according to Unanimis. The London Stock Exchange was only one of the sites affected by the attack. Others reportedly include MyVue.com, Ebay.co.uk, and Autotrader.co.uk. Unanimis accepted blame for the attack emanating from the London Stock Exchange website in statements made this week.

"This event was linked to unauthorized ad-server access," David Nelson, operations and IT director for Unanimis, said in an email interview. "The way in which that access was attained is subject to [a] current investigation. Having obtained access, the perpetrator modified live creative tags to include an i-frame which invoked the malware message."

Unanimis is not the first to fall prey to the ministrations of malware purveyors. In August, security firm Armorize found that domains parked with Network Associates contained a third-party widget that attempted to infect visitors to those sites. In December, ad giant DoubleClick fell prey to a similar attack, allowing ads from fake firm AdShufffle.com (spelled with three f's) that then attempted to infect the computers of visitors to the sites of DoubleClick's clients.

It's time for ad networks to do a better job of locking down their networks. Third-party content providers are a perfect way for criminals to target as many computers as possible with their attacks. Unanimis' Nelson realizes this, and the company has already tightened up its review of advertisers to head off social engineering attacks, but it obviously missed a vulnerability somewhere.

"This is something we take very seriously and as a result of this event we will ... undertake a fresh review of our process, making any improvements where we can," Nelson said.

Given that focused attackers can find a hole in most security measures, and that ad networks are such high-payoff targets for cyber criminals, perhaps it's time for advertising networks to work together to create best practices and require a number of defenses to lessen the impact of future attacks.